Provide support for DNS nodelocal

Signed-off-by: Manuel Buil <mbuil@suse.com>
rancher · Jul 27, 2021 · ccdb681 · ccdb681
1 parent ee64508
commit ccdb681
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -97,7 +97,7 @@ RUN CHART_VERSION="1.9.808"                   CHART_FILE=/charts/rke2-cilium.yam
 RUN CHART_VERSION="v3.19.1-build2021061107"   CHART_FILE=/charts/rke2-canal.yaml          CHART_BOOTSTRAP=true   /charts/build-chart.sh
 RUN CHART_VERSION="v3.1907"                   CHART_FILE=/charts/rke2-calico.yaml         CHART_BOOTSTRAP=true   /charts/build-chart.sh
 RUN CHART_VERSION="v1.0.007"                  CHART_FILE=/charts/rke2-calico-crd.yaml     CHART_BOOTSTRAP=true   /charts/build-chart.sh
-RUN CHART_VERSION="1.16.201-build2021072301"  CHART_FILE=/charts/rke2-coredns.yaml        CHART_BOOTSTRAP=true   /charts/build-chart.sh
+RUN CHART_VERSION="1.16.201-build2021072303"  CHART_FILE=/charts/rke2-coredns.yaml        CHART_BOOTSTRAP=true   /charts/build-chart.sh
 RUN CHART_VERSION="3.34.001"                  CHART_FILE=/charts/rke2-ingress-nginx.yaml  CHART_BOOTSTRAP=false  /charts/build-chart.sh
 RUN CHART_VERSION="v1.21.3-rke2r1-build2021072101" \
     CHART_PACKAGE="rke2-kube-proxy-1.21"      CHART_FILE=/charts/rke2-kube-proxy.yaml     CHART_BOOTSTRAP=true   /charts/build-chart.sh

diff --git a/bundle/bin/rke2-killall.sh b/bundle/bin/rke2-killall.sh
@@ -73,5 +73,15 @@ ip link delete flannel.1
 ip link delete vxlan.calico
 ip link delete cilium_vxlan
 ip link delete cilium_net
+
+#Delete the nodeLocal created objects
+if [ -d /sys/class/net/nodelocaldns ]; then
+  for i in $(ip address show nodelocaldns | grep inet | awk '{print $2}');
+  do
+    iptables-save | grep -v $i | iptables-restore
+  done
+  ip link delete nodelocaldns
+fi
+
 rm -rf /var/lib/cni/
 iptables-save | grep -v KUBE- | grep -v CNI- | grep -v cali- | grep -v cali: | grep -v CILIUM_ | iptables-restore
diff --git a/docs/networking.md b/docs/networking.md
@@ -18,6 +18,10 @@ If you don't install CoreDNS, you will need to install a cluster DNS provider yo
 
 CoreDNS is deployed with the [autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler) by default. To disable it or change its config, use the [HelmChartConfig](https://docs.rke2.io/helm/#customizing-packaged-components-with-helmchartconfig) resource.
 
+### NodeLocal DNSCache
+
+[NoceLocal DNSCache](https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/) improves the performance by running a dns caching agent on each node. It is possible to activate this feature when deploying CoreDNS by modifying the helm chart value `.Values.nodelocal.enabled` as can be seen in its [Chart](https://github.com/rancher/rke2-charts/blob/main/charts/rke2-coredns/rke2-coredns/1.16.201-build2021072302/values.yaml#L305-L311)
+
 ## Nginx Ingress Controller
 
 [nginx-ingress](https://github.com/kubernetes/ingress-nginx) is an Ingress controller powered by NGINX that uses a ConfigMap to store the NGINX configuration.

diff --git a/scripts/build-images b/scripts/build-images
@@ -15,6 +15,8 @@ xargs -n1 -t docker image pull --quiet << EOF >> build/images-core.txt
     ${REGISTRY}/rancher/hardened-kubernetes:${KUBERNETES_IMAGE_TAG}
     ${REGISTRY}/rancher/hardened-coredns:v1.8.3-build20210720
     ${REGISTRY}/rancher/mirrored-cluster-proportional-autoscaler:1.8.3
+    ${REGISTRY}/rancher/mirrored-k8s-dns-node-cache:1.15.13
+    ${REGISTRY}/rancher/library-busybox:1.32.1
     ${REGISTRY}/rancher/hardened-etcd:${ETCD_VERSION}-${IMAGE_BUILD_VERSION}
     ${REGISTRY}/rancher/hardened-k8s-metrics-server:v0.3.6-${IMAGE_BUILD_VERSION}
     ${REGISTRY}/rancher/klipper-helm:v0.6.1-build20210616